Cyber warning issued for key healthcare organisations
6 May 2020
The National Cyber Security Centre (NCSC) has issued a cyber security warning to healthcare organisations involved in the COVID-19 response. Following publication of the lasted joint advisory, the NCSC and US Cybersecurity and Infrastructure Security Agency (CISA) wish to raise awareness of malicious cyber campaigns that are exploiting the coronavirus outbreak for personal gain.
After seeing an increase in corona-related email scams, and the use of ‘password spraying’ to access accounts using commonly known passwords, the NSCS has created a Suspicious Email Reporting Service and published a list of the most commonly hacked passwords which attackers are known to use to enable target organisations such as healthcare bodies, pharmaceutical companies and research organisations to work towards improved security protocols.
Zeki Turedi, Technology Strategist, CrowdStrike said: "The NCSC is right to warn healthcare organisations involved in the coronavirus response that they are at huge risk. A vaccine is undoubtedly the most valuable commodity in the world right now - and adversaries will stop at nothing to get access to it. In fact, we have seen a 100x increase in malicious coronavirus-related files circulating in recent months.
“Adversaries are leveraging COVID-19 lures to launch targeted attacks against an overstretched healthcare industry. We’re in a state of high alert when it comes to information pertaining to COVID-19 and the current situation has created the perfect storm.
“To defend against these threats, it’s crucial these organisations take a proactive approach and maintain a holistic view of their IT environment, with full control and visibility of all activity happening in their network. This includes having an understanding of the broader threat landscape so organisations can quickly identify adversaries and their techniques, learn from attacks, and take action on indicators to strengthen their overall defences.”